Phishing Email Uses Google Drive to Get Past Microsoft Security

Phishing, email scams, tips to avoid spear-phishing

This week, Threatpost reported on a new spear-phishing attack that uses email sent via Google Drive claiming to be the CEO of the targeted company sharing important information with the recipients.  The email came from Google Drive, but the sender address didn’t match the company’s standard naming convention for email addresses.

Because the message was sent by a legitimate email service, it was able to bypass Microsoft Exchange Online Protection on its way to users’ inboxes.

You can read the full article here.

No Spam Filter or Email Gateway can Block 100% of All Spam

Spam Filters and Email Gateways have proven quite effective at blocking most of the junk email that gets sent by the thousands on a daily basis, but cyber criminals are always looking for new ways to bypass email security measures through social engineering, new strains of malware, and newly-discovered security flaws reported in  Microsoft Exchange Server and cloud email platforms. That’s why user training will continue to be a top priority for all businesses that use  email.

Tips to Avoid Phishing and Business Email Compromise (BEC) Attacks

In a prior post, I listed the following 10 tips to avoid falling victim to phishing emails.. Here’s a brief summary. You can read the entire post here.

10 Tips to Identify a Phishing Email

  1. Watch out for messages disguised as something expected, like a shipment or payment notification.
  2. Watch for messages asking for personal information such as account numbers, Social Security numbers, and other personal information. Legitimate companies will never ask for this over email.
  3. Beware of urgent or threatening messages claiming that your account has been suspended and prompting you to click on a link to unlock your account.
  4. Check for poor grammar or spelling errors.
  5. Hover before you click!
  6. Check the Greeting – Is the message addressed to a generic recipient, such as “Valued customer” or “Sir/Madam?” If so, be careful & think twice!
  7. Check the Email Signature – In addition to the greeting, phishing emails often leave out important information in the signature. Legitimate businesses will always have accurate contact details in their signature, so if a message’s signature looks incomplete or inaccurate, chances are it’s spam.
  8. Don’t download Attachments
  9. Don’t trust the From address –Know the difference between the “envelope From” and the “header From” addresses.
  10. Don’t Enable Macros –  Never trust an email that asks you to enable macros before downloading a Word document.

These 10 tips are explained in more detail in this post.

10 Tips to Protect Against Business Email Compromise (BEC) Email Attacks

Business Email Compromise goes beyond standard spam techniques by exploiting human nature and the trust established between employees and members of the executive team. Scammers use social engineering, CEO impersonation, and a variety of other techniques to trick users in accounting, finance, or other high-power positions into transferring money into the scammer’s accounts. These attacks are well-executed and targeted at specific individuals, and often take more time to plan and launch due to the amount of research that goes into these attacks. Cyber criminals use publicly available information on sites such as LinkedIn, Facebook and even the website of the targeted victim to gain insight into the company’s business practices. They will often study the writing styles of the executive team, allowing them to craft convincing emails that appear authentic to employees.

Because Business Email Compromise attacks are often so well-crafted, they are able to bypass standard security measures. These tips should help you identify a Business Email Compromise attempt if one should slip through your spam filter or email gateway.

  1. Train Users to recognize these Common Impersonation Tactics used by Cybercriminals
    • Domain Name Spoofing
    • Display Name Spoofing
    • Lookalike Domain Spoofing
    • Compromised Account
  2. Secure your Domain by registering similar domains.
  3. Don’t Over-share on Social Media
  4. Use SPF, DKIM & DMARC to protect your domain from spoofing.
  5. Use Two-Factor Authentication
  6. Use Strong Passwords
  7. Don’t trust unknown sources
  8. Establish strict processes for wire transfers
  9. Provide regular end-user training
  10. Run antivirus software often

You can learn more on how to avoid Business Email Compromise attacks here.

No business is too big or too small to fall victim to email-borne scams. In fact, cyber criminals often target smaller businesses based on the assumption that smaller companies are less likely to have the latest security systems in place. MDaemon Email Server and Security Gateway for Email Servers include a variety of features to protect businesses from spam, malware, and leaks of sensitive business data.

15% discount during August, 2019 for MDaemon Email Server and Security Gateway for Email Servers

Looking for a secure, affordable email and collaboration server or email security gateway for your business? This month, we’re offering a 15% discount off the price of MDaemon Email Server (new purchases), and Security Gateway for Email Servers (new, renewal, and upgrades).

Comments? Question? Let us know. We’re here to help!

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Another day, another attempt to scam me – but I know a phishing attempt when I see one!

Avoid phishing scamsIt’s just a fact of life: If there’s email, there will always be spam. Now, how much spam you have to deal with will depend on how good your spam filtering solution is. Here at MDaemon Technologies, we use our own products – MDaemon and Security Gateway, to filter out spam, malware, phishing attempts, and all of the other junk that often floods inboxes of users whose email server or hosted service isn’t as effective.

“If I have a good spam filter, do I REALLY need to know how to recognize phishing scams?”

If an email security company or hosted provider tells you their spam filter will catch 100% of spam, they’re not being completely honest. Most companies say their products catch 99% or 99.5% in their SLA (Service Level Agreement), with a false-positive rate of %.0001 or less. That’s reasonable and to be expected, especially considering the statistics.

According to public data, spam made up over 71% of global email traffic in April, 2014. As of September, 2018, spam volume had decreased to 54%, but considering that over 281 billion email messages are sent per day worldwide, that’s still over 151 billion spam messages sent every day, and while spam may be decreasing in total volume, it’s becoming more dangerous, with cryptojacking overtaking ransomware as the attack vector of choice for cybercriminals, and malware-as-a service turning cybercrime into a commodity for the masses,

So no matter how good an email security product is, there is always that chance that new and emerging (and sometimes tried-and true) social engineering techniques will succeed in tricking the next unsuspecting victim to part ways with his or her company’s bank account details.

And that brings me to the point of today’s post. It bears repeating that companies of all sizes and industries should consider ongoing training with their employees on how to recognize phishing attempts.

In today’s example, the scammer is using a classic BEC (Business Email Compromise) attack to try to get the recipient to open a malicious ISO file.

Phishing email using common Business Email Compromise tactics
Phishing email using common Business Email Compromise tactics

Because the threat of phishing and Business Email Compromise will continue well into the future, I will revisit this topic regularly throughout the year.

Meanwhile,  I would recommend sharing with all employees and business executives these 10 best practices for avoiding common email scams.

Business Email Compromise Protection Tips

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Seedworm Operation Spreads Malware via Phishing Attacks

Phishing Spam Graphic2018 has been a busy year for new threats spread via email, with spear-phishing and Business-Email-Compromise (CEO fraud) the rising star for cyber-criminals intent on draining your bank account. Recent victims include Google and Facebook ($100 million lost), McEwan University (almost $12 million lost), a New York judge ($1 million), and a Dutch cinema chain (over $21.5 million). These threats will continue to grow as cyber-criminals try new tactics to separate you from your money. The latest trend involves using encrypted HTTPS connections to trick users into thinking they’re visiting a secure site.  This means users can no longer trust a site that displays the green padlock icon in the address bar. Always verify that you’re visiting a legitimate site before entering any personal information such as Social Security or credit card numbers, otherwise, your private data could be transmitted to a hacker.

As we continue to bring awareness to these threats, new ones emerge almost daily. In the past three months, a cyber-espionage group known as Seedworm (aka MuddyWater) has used spear-phishing attacks to infect 131 individuals with the Powermuddy backdoor (a new variant of their Powermud backdoor). Once a system has been compromised, this malware runs a tool that steals passwords from a user’s browser and email, often leading to access to the victim’s email and social media accounts.

Protect Yourself from the Latest Threats

Over the years, I’ve posted many times about phishing, spear-phishing, and other threats, with a variety of suggestions for protecting yourself and your business from becoming the next victim. Throughout these posts (from oldest to newest), you’ll find lots of tips to avoid being tricked by these email-borne scams.

As the threat landscape continues to evolve, businesses of all sizes must maintain awareness of the latest email-borne threats and educate staff at all levels, from entry level to C-suite. After all, without the right tools and procedures in place, it only takes one misguided mouse click to damage a business’ reputation or send it into bankruptcy.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Four-Step Swindle: The Anatomy of a Business Email Compromise Attack

This week, we continue our series on Business Email Compromise. Click here to read Part 1, which includes an overview and various statistics on this growing threat.

It takes time and effort to launch a successful Business Email Compromise (BEC) attack. In a typical attack, several messages are exchanged in an attempt to convince the target to authorize large payments to the attacker’s bank account. From start to finish, the steps involved in a BEC attack consist of identifying a target, grooming, exchanging information, and finally, transfer of funds.

Let’s go over these four steps in detail.

Step 1 – Identify the Target Victim

Step 1 – Identify the Target Victim The first step in a BEC attack may be the most time-consuming. During this step, a criminal organization researches the victim to develop an accurate profile of the company. Through publicly available information, attackers look for the names and positions of company executives, especially those on the finance team. They scour social media, online articles, and anything else that will provide specific details about the company and its employees. Scammers who are able to infiltrate a company’s network with malware may spend weeks or months monitoring information on the company’s vendors, billing and payment systems, and employee vacation schedules. They have also been known to monitor the executive’s writing style in order to craft a convincing email using a spoofed email address or lookalike domain claiming to come from the CEO.

Step 2 – Grooming

Phishing - Business Email CompromiseArmed with the information obtained in Step 1, the scammer moves on to Step 2. During this step, the scammer uses spear-phishing, phone calls or other social engineering tactics to target employees with access to company finances. The grooming phase often takes several days of back and forth communication in order to build up trust. During this phase, the scammer may impersonate the CEO or another company executive and use his or her authority to pressure the employee to act quickly.

Here is an example sent to one of our Finance executives in which the sender used display name spoofing to spoof the name of our CEO. Cybercriminals will often use a free email address (notice the comcast.net domain), which can be easy to miss if you’re using a mobile device or some other client that doesn’t display the full email header.

Spear-phishing with Spoofed Display Name
Spear-phishing with Spoofed Display Name

 

 

 

 

 

 

 

 

Step 3 – Exchange of Information

phishing back accountDuring step 3, the victim is convinced that he is conducting a legitimate business transaction, and is then provided with wire transfer instructions.

Step 4 – Payment

And finally, funds are transferred and deposited into a bank account controlled by the criminal organization.Business Email Compromise bank transfer

What to Do if You Are a Victim

If you’ve suffered losses due to Business Email Compromise schemes, it is important to act quickly.

  • Contact your financial institution immediately.
  • Request your financial institution contact the institution that received the fraudulent funds.
  • Contact your local FBI office and report the incident.
  • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).

You can find more detailed instructions in the FBI’s Public Service Announcement.

Want to learn more about how to protect yourself from Business Email Compromise scams? In Part 3, we’ll go over a few best practices, so check back soon!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •